Encrypt credentials/Django settings to store in repositories
Project description
encrypted-credentials encrypts credentials to allow them to be securely added to git repositories.
It can import encrypted settings into Django defined in a python module and or a json file. Encrypted files are automatically generated.
Django settings
example
PRIVATE_settings.py
File stored in folder with django settings.py file
private_settings = {
"AWS_ACCESS_KEY_ID":"ABCDEFGHIJKLMNOP",
"AWS_SECRET_ACCESS_KEY":"ABCDEFGHIJKLMNOP"
}
settings.json
File stored in folder with django settings.py file
{
"AWS_ACCESS_KEY_ID":"ABCDEFGHIJKLMNOP",
"AWS_SECRET_ACCESS_KEY":"ABCDEFGHIJKLMNOP"
}
settings.py
from encrypted_credentials.django_credentials import add_encrypted_settings
add_encrypted_settings(globals())
Upon first execution a PRIVATE_KEY.env file will be generated with a random encryption key. DO NOT check this into repository. if PRIVATE_settings.py does not exist it will generate a template module.
set environment variable
export SETTINGS_KEY=FQQcgYWCBPE8l8IbHdcNie0WARbYHeFwCl4hIL3ecF0=
- If the
settings.json
file exists andsettings.json.enc
does not exist thensettings.json.enc
will be created.(development) - If
settings.json
andsettings.json.enc
exist then they will be compared and if differentsettings.json.enc
will be overwritten.(development) - If
settings.json
does not exist thensettings.json.enc
will be used (production)
settings.json.enc and or PRIVATE_settings.enc can be checked into git as it is encrypted with Fernet AES128 encryption
Credential files
get_decrypted_file
will automatically encrypt the original file and supply the decrypted data
from encrypted_credentials.encrypted_file import get_decrypted_file
get_decrypted_file('full_path/orginal.pem')
original.pem.enc can be checked into a repository
Credential files with Django
By default environment variable SETTINGS_KEY will be used as key
settings.py
CREDENTIAL_FOLDER = os.path.join(BASE_DIR, 'credentials')
CREDENTIAL_FILES = {
'gmail': 'service-account-abcd.json',
'drive': 'service-account-efgh.json',
}
service-account-abcd.json.enc
usage
from encrypted_credentials.django_credentials import get_credentials
credentials = get_credentials('gmail')
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for encrypted-credentials-0.0.4.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 690fd4bb324d7cfb7b3fdff20e5c65e55d8bbab2790a6f6c9006707c8cfa9d6e |
|
MD5 | 6d7cea3d1c3b44cb0901b856e9b90352 |
|
BLAKE2b-256 | 7a61b78480984393a0e5e96f1d01294ddcd491e825422f0a32eb250d20e3b2cc |
Hashes for encrypted_credentials-0.0.4-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | f6df51c52b7a36d7f0bc65f8adfd04c960b5d5eb10899875cc17806b5ad38ebf |
|
MD5 | b5bf6c9aebeb1c1644ad158bec3a61d7 |
|
BLAKE2b-256 | 491e15cf6ffe05bb3700affe1b3ff5fa52179cf54018a5f34705af7d8367f6a8 |